Hello, Am 06.05.2013 10:42, schrieb Jonas Meurer: > I fear that I discovered a security issue in Nagios 3.4.4 status.cgi:
no comments on that? > All htaccess users, even if not listed in any authorized_for_* config > option, have full access to service group overview, summary and grid: > /nagios/cgi-bin/status.cgi?servicegroup=all&style=overview > /nagios/cgi-bin/status.cgi?servicegroup=all&style=summary > /nagios/cgi-bin/status.cgi?servicegroup=all&style=grid > > I hope that this is not intended. Is this issue known? > > Kind regards, > jonas > > > ------------------------------------------------------------------------------ > Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET > Get 100% visibility into your production application - at no cost. > Code-level diagnostics for performance bottlenecks with <2% overhead > Download for free and get started troubleshooting in minutes. > http://p.sf.net/sfu/appdyn_d2d_ap1 > _______________________________________________ > Nagios-users mailing list > Nagios-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/nagios-users > ::: Please include Nagios version, plugin version (-v) and OS when reporting > any issue. > ::: Messages without supporting info will risk being sent to /dev/null > ------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. This 200-page book is written by three acclaimed leaders in the field. The early access version is available now. Download your free book today! http://p.sf.net/sfu/neotech_d2d_may _______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
